Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


March 06, 2006

The Future of Privacy

Over the past 20 years, there's been a sea change in the battle for personal privacy.

The pervasiveness of computers has resulted in the almost constant surveillance of everyone, with profound implications for our society and our freedoms. Corporations and the police are both using this new trove of surveillance data. We as a society need to understand the technological trends and discuss their implications. If we ignore the problem and leave it to the "market," we'll all find that we have almost no privacy left.

Most people think of surveillance in terms of police procedure: Follow that car, watch that person, listen in on his phone conversations. This kind of surveillance still occurs. But today's surveillance is more like the NSA's model, recently turned against Americans: Eavesdrop on every phone call, listening for certain keywords. It's still surveillance, but it's wholesale surveillance.

Wholesale surveillance is a whole new world. It's not "follow that car," it's "follow every car." The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis.

More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a website.

Much has been written about RFID chips and how they can be used to track people. People can also be tracked by their cell phones, their Bluetooth devices, and their WiFi-enabled computers. In some cities, video cameras capture our image hundreds of times a day.

The common thread here is computers. Computers are involved more and more in our transactions, and data are byproducts of these transactions. As computer memory becomes cheaper, more and more of these electronic footprints are being saved. And as processing becomes cheaper, more and more of it is being cross-indexed and correlated, and then used for secondary purposes.

Information about us has value. It has value to the police, but it also has value to corporations. The Justice Department wants details of Google searches, so they can look for patterns that might help find child pornographers. Google uses that same data so it can deliver context-sensitive advertising messages. The city of Baltimore uses aerial photography to surveil every house, looking for building permit violations. A national lawn-care company uses the same data to better market its services. The phone company keeps detailed call records for billing purposes; the police use them to catch bad guys.

In the dot-com bust, the customer database was often the only salable asset a company had. Companies like Experian and Acxiom are in the business of buying and reselling this sort of data, and their customers are both corporate and government.

Computers are getting smaller and cheaper every year, and these trends will continue. Here's just one example of the digital footprints we leave:

It would take about 100 megabytes of storage to record everything the fastest typist input to his computer in a year. That's a single flash memory chip today, and one could imagine computer manufacturers offering this as a reliability feature. Recording everything the average user does on the Internet requires more memory: 4 to 8 gigabytes a year. That's a lot, but "record everything" is GMail's model, and it's probably only a few years before ISPs offer this service.

The typical person uses 500 cell phone minutes a month; that translates to 5 gigabytes a year to save it all. My iPod can store 12 times that data. A "life recorder" you can wear on your lapel that constantly records is still a few generations off: 200 gigabytes/year for audio and 700 gigabytes/year for video. It'll be sold as a security device, so that no one can attack you without being recorded. When that happens, will not wearing a life recorder be used as evidence that someone is up to no good, just as prosecutors today use the fact that someone left his cell phone at home as evidence that he didn't want to be tracked?

In a sense, we're living in a unique time in history. Identification checks are common, but they still require us to whip out our ID. Soon it'll happen automatically, either through an RFID chip in our wallet or face-recognition from cameras. And those cameras, now visible, will shrink to the point where we won't even see them.

We're never going to stop the march of technology, but we can enact legislation to protect our privacy: comprehensive laws regulating what can be done with personal information about us, and more privacy protection from the police. Today, personal information about you is not yours; it's owned by the collector. There are laws protecting specific pieces of personal data -- videotape rental records, health care information -- but nothing like the broad privacy protection laws you find in European countries. That's really the only solution; leaving the market to sort this out will result in even more invasive wholesale surveillance.

Most of us are happy to give out personal information in exchange for specific services. What we object to is the surreptitious collection of personal information, and the secondary use of information once it's collected: the buying and selling of our information behind our back.

In some ways, this tidal wave of data is the pollution problem of the information age. All information processes produce it. If we ignore the problem, it will stay around forever. And the only way to successfully deal with it is to pass laws regulating its generation, use and eventual disposal.

This essay was originally published in the Minneapolis Star-Tribune.

Posted on March 06, 2006 at 05:41 AM | 113 Comments

Comments

Bruce, any legislation will legalize some forms of total surveillance while pushing the legalization of the rest into the future. In my opinion hoping that the .gov will listen (now and in the future) to Bruce Schneier and not to Acxiom is unrealistic and it won't happen.

Alternatively, instead of hoping the already oppressive .gov will tie its hands and not use tools that will make it stronger, we can try and eliminate the .gov from the picture altogether...

Finally, one does not hope for the market to solve things - the market does solve things, always. And that's not because the market is some magic deus ex machina, but because it is the sum of all its human and organizational participants. Your privacy is your private property and the moment you give legislative power over your privacy to the .gov you delegate it indirectly into the hands of Acxiom. I think that in the long run this is a bad tradeoff.

That's how I see it.

Posted by: ted at March 6, 2006 06:05 AM


> [...] prosecutors today use the fact that someone left his cell phone at home as evidence that he didn't want to be tracked?

Reference, please?

Posted by: Rochus at March 6, 2006 07:35 AM


I agree with ted that the market does solve problems. However, I think ted overlooked the fact that the "market" solves problems to its benefit. For example, customer loyalty cards: what problems do they solve? No more surreptitious collection of data, the customer volunteers it. No complicated database querying to find correlations, you scanned your card at checkout *proving* the correlation.

What problems does it solve for the consumer? It provides discounts. Yes, the prices are artificially increased to give the illusion of the discount, but people don't care. They see **savings**. (Remember, the US is a culture that largely believes that you have to spend more to save more.)

And until there's some outright nightmarish problem with this scheme that people will recognize, they'll keep volunteering for it and the "market" will continue to make it easier for business.

Posted by: D at March 6, 2006 07:36 AM


Seems to me that what we have now is a lot of agencies and corporations holding information about us;  but often, each one has only part of the picture.  Sometimes they have links to each other, but mostly there are no links and no way to put together the complete picture.

For example, I don't think my car's movements can be *reliably* linked to my phone calls or to the books that I buy at Amazon;  but because Amazon has my e-mail address, my book purchases could be linked to my e-mail messages.

The failure of the DHS no-fly list shows that even the government doesn't have a reliable way to identify people.

What's needed for proper surveillance is a compulsory identity card that everyone must have.  Then allow that identification to be required every time anyone opens an account, registers for a service, fills in a government form, stays at a hotel, rents a car, etc.  Then the card number will be attached to every transaction that has an electronic record, either directly because the ID is presented, or indirectly by the use of a credit card, car, phone, etc., that can only be obtained by presenting the ID.  Then the government, and corporations, can really get a full picture of everything we do, and the no-fly list will work because there's a unique ID attached to each name.  Until then, we have a tiny margin of privacy.

(For completeness, I guess every visitor to the US would have to get an ID number too, otherwise there would always be a residue of transactions not linked to people.  And I don't know what they'd do about all the people who are in the country illegally.)

Posted by: JakeS at March 6, 2006 08:01 AM


I can't reproduce your data storage requirement for 500 MOU/month of cell calls. You say 5 Gbytes/year.

I get 500*60*365 = 0.36 megaseconds/year

Compressed speech requires about 10,000 bits/sec (1,250 bytes/sec) to record both sides of a call.

0.36 * 1,250 = 0.45 Gbytes/year.

Note that if you record at PCM rates 64 kbits/sec and record each side separately you get about 5 Gbytes/year.

Chuck J

Posted by: Chuck at March 6, 2006 08:17 AM


It all smacks of "1984" (Orwell). Government of the people by the government for the government.

Posted by: kashmarek at March 6, 2006 08:24 AM


@ted:

1st: The market will solve the problems that are profitable to solve - what is your business model for the privacy market? What do you expect happens to your personal data when your privacy company goes bankrupt?

2nd: Do you place more trust in some arbitrary corporation to protect your data or in a government where at least you have a vote?

Posted by: Erik N at March 6, 2006 08:30 AM


>The phone company keeps detailed call records for billing purposes; the police use them to catch bad guys.

The problem is not that the police use information that has been collected to catch the bad guys--who wouldn't be for that? The problem is that the police can gain access to the data whether they are looking for a bad guy or not, under the umbrella of "safety" and "security".

Posted by: Andy at March 6, 2006 08:43 AM


David Brin's Transparent Society has a partial answer for this trend: transparent surveillance. If everyone has access to the data and unforgeable logs are kept, then oversight is possible.

However, this cannot happen without a major social adjustment. While legislation should align with our goals, societal norms will dictate actual behavior. There will need to be social stigmas attached to such behaviors. Voyeurism already has such a stigma.

I am actually hopeful that if pervasive surveillance is transparent enough, society will improve. Individual connection to society is weakened when one is anonymous in everyday dealings. If everyone is a stranger, then we all become mistrustful and disconnected. I hope society will adapt to pervasive surveillance and create new ways to maintain interpersonal bonds that incorporate technology.

Posted by: Damon at March 6, 2006 08:48 AM


We worry about surveillance in public by traffic cameras and similar devices.

The courts ruled many, many years ago that U.S. citizens have no reasonable expectation of privacy when they are in a public place. That's one of the reasons that a newspaper does not need your permission to publish a photo of you in a crowd.

Citizens of this great republic must be more concerned about the unregulated database companies that collect information about us than traffic cameras and cell phones.

If you are worried about e-mail privacy, encrypt it. If you are worried about cell phone monitoring, encrypt it.

Posted by: Emery Jeffreys at March 6, 2006 09:00 AM


A couple unrelated comments: First, once you've got all this data running around, how do you do anything useful with it? Except in a few notable instances, the bandwidth for searching these kinds of archives is massively overmatched by the quantity of data. Even as storage capacities increase and CPUs get more powerful, the von Neumann bottleneck is still with us, perhaps more than ever. (This may turn out to be a good thing, or it may mean that only the privileged few get to use and abuse the enormous archives we're generating.)

Second: with remote reading of license plates, webcams that can read UPC codes and so forth, you don't need to be using electronic-payment methods to become part of the digitized universe. You go into a bookstore and pay cash, and the store can correlate the ISBN of your purchase with the picture from the register surveillance camera, which in turn links to the license plate of the car you get into in the parking lot. (I'm sure there would be a few rough edges on installing such a system right now, but error rate doesn't seem to be a big deal for surveillance systems these days.) You can opt out of leaving some kinds of digital trail by concentrated efforts, but you'll leave others simply by existing.

Posted by: paul at March 6, 2006 09:01 AM


Most people talk of privacy in terms of defensive actions, like not giving out information or passing laws to protect it. This doesn't work because there will always be those who will find ways to con you out of information or get it illegally. For example, have you ever filled out a warranty registration card or mail in rebate? Would you be surprised to find out that you may have mailed it directly to a company like Acxiom?

I prefer the path of database corruption. People who want information may prevent you from doing something if you don't give it to them. Very few will notice or care if you give them invalid information. Discount cards give you a discount for attaching a number to your transactions. They don't care if the name on the card and your credit card don't match. If you use cash, they wouldn't even know they don't match. If you traded cards with someone, the purchasing habits would be inconsistent, but you'd both get the same discounts.

One of my friends used to rot13 the name of someone asking for information and make a plausible sounding name to provide. (He could do rot13 in his head.) This allowed him to get new junk mail and figure out who sold the information. It also served the purpose of poisoning these databases with a lot of invalid information.

The point that is often missed is that data aggregators like Acxiom don't do much validation of the information they receive. They sell information by volume. There's a profit anti-motive to finding something that would tie my home address to my private mailbox. If they did that, they would have information about one individual to sell. If they ignore those details, they have information on two "people".

The more consistent and valid information you provide to the various parties that request it, the more valuable the databases compiled by companies like Acxiom are. Everyone who poisons the databases makes their product less valuable. The companies who buy the information want to sell things to those people. Response rate is the most important factor. That is reduced by the number of duplicate or invalid people who are mailed.

Posted by: Mike Sherwood at March 6, 2006 09:07 AM


"David Brin's Transparent Society has a partial answer for this trend: transparent surveillance. If everyone has access to the data and unforgeable logs are kept, then oversight is possible."

What Brin misses is the power imbalance. It simply isn't the same if, when a policeman asks for ID, I ask to see his as well. Mutual disclosure is not the solution.

Posted by: Bruce Schneier at March 6, 2006 09:07 AM


Based on the last few years of reading your blog, I think this is your best post. Both for the comprehensive articulation of the facets surrounding privacy and the importance that needs to be accorded to this matter. I wish your (our) voices make a difference and gain vital political capital to make a difference.

I liked your pollution analogy, and would stretch it further - unchecked pollution blows a hole through the ozone layer; much as unchecked tracking and correlation of consumer data blows a hole through our current notions of fair play and liberty. Immoral corporations with vested and dubious interests mock and flippantly discard the deleterious effects in both spheres. Finally, if not checked in time, it will be too late to reverse and will alter our way of life as we know it today.

Posted by: Prohias at March 6, 2006 09:23 AM


The problem as you know is not limited to phones. Web usage, email, shopping habits, public transportation "tickets" such as Metrocard and EZ-pass, and even satellite radio in one's car can be used to track people. (Not many people know the history of the satellites being used, but they might find looking into that interesting.)

And yet Osama bin Laden still has not been located.

Posted by: Bring us more hay, we still can't find the needle!!! at March 6, 2006 09:28 AM


It's too late; this battle has been *lost*. As Bruce points out, this information is too valuable for too many people -- any legislation written on the subject will be written, or at least amended, by the interests of those who have become accustomed to having this sort of wholesale information at their disposal and who will not want to give it up. The fact that, as the article points out, most people don't think of surveillance as being so pervasive is largely irrelevant, since the fundamental problem is that most people simply don't care, as long as it's not *inconveniencing* them in an immediate, clear way.

The only thing is to get used to it. Total surveillance is here to stay, whether we like it or not.

Posted by: Not As Anonymous as He'd Like at March 6, 2006 09:29 AM


"It's too late; this battle has been *lost*."

That's simply not true. The death of privacy has been predicted for generations. It was predicted when the camera was invented, and then the audio recorder, and then the video recorder.

Scott McNealy famously said in 1999: "You have zero privacy anyway. Get over it." David Brin wrote "The Transparent Society" in 1998. Simson Garfinkel wrote "Database Nation" in 2000. Last year Robert O'Harrow published "No Place to Hide." You can go as far back as 1969 and read Jerry Rosenberg's book on the same topic: "The Death of Privacy."

The truth is that the death of privacy is overrated. Just because there are cameras, it doesn’t follow that taking pictures of people naked is inevitable.

We can solve this, but it will take laws. The market won't do it for us.

Posted by: Bruce Schneier at March 6, 2006 09:43 AM


Backwards thinking Bruce... here is why:

What is the privacy you describe that is gone away?
100 years ago could you not hire 10,000 to stand next to a road and report who drives/rides by?
What has really changed?
The amount of "watching" does nothing to the "rights" involved.

Privacy is not a solid object! If you try and defend privacy you will LOSE.

What can you defend? Property!!! Companies are using YOUR purchasing history, YOUR credit history, YOUR travel patterns, etc. and making money with it!
This means YOUR information is like oil. They mine the information, refine it, and sell...but HOW DID THEY EVER GET THE "RIGHTS"?

We should sue the companies and the govt for taking our information and not paying us for it.

That is how we CAN win. Defending privacy is how we WILL lose. Defining information as property is how we will WIN.

Posted by: AG at March 6, 2006 10:05 AM


A couple of items:

1. The Universal Transparency site had a "Surveillance Bill of Rights" that suggested the conditions that would be required to make a transparent society workable. Things such as "Surveillance is never to be used for misdemeanors of any type.", "Surveillance can be used for violent felonies and chaos only", "Anonymity must be guaranteed periodically for elections, whistleblowing and other specified areas", "The Government will provide safe and secure meeting places for its citizens to have privacy" and "Transparency must be applied to the Government approximately equal to that applied to its citizens." Rather a tall order for this world.

Alas, that document's site was recently defaced and the text is obscured. (You can view the source code for http://www.universaltransparency.org/modules.php?name=Content&pa=showpage&pid=9
and get the text or you can run that URL through archive.org and see a pre-hack/cracked version of the page.)

2. Bruce's essay and the comments here seem to echo in part the reported keynote speech comments made by Privacy International's Simon Davies at Black Hat Europe 2005. Davies was speaking about the "coming Dark Ages for Privacy". Unfortunately, a publicly accessible transcript or recording of the speech isn't available. A story about Davies' speech can be found at http://www.channelregister.co.uk/2005/04/01/privacy_resistance/

Posted by: J.D. Abolins at March 6, 2006 10:05 AM


A system to register all vehicles passing in and out of central Stockholm was implemented this year. The environmental party rationale is to reduce traffic in inner city by charging owner varying fees for when a vehicle enters the zone and for how long it stays. Frequent visitors can buy a transponder for autodebit, less frequent must pay manually. The system tracks license plates, matches received payments, and bills discrepancies with punitive surcharges afterwards.

Imagine the surprise when people nowhere near Stockholm receive such bills, sometimes for cars that are not even registered or driveable. But such details do not free them from paying, oh no. The *system* has recorded their vehicle's presence -- that is a *fact* -- they must pay up.

And the system is being touted a great success. Which perhaps it is, given the scale of the new infrastructure and database management it required.

Other forms of person tracking, say on the Web, are bound to show comparable mistakes (or worse) but likely be even harder to contest. How to prove one did not make a particular phone call, send or receive a particular e-mail, or visit a particular website several years after the alleged fact?

Posted by: bo at March 6, 2006 10:16 AM


Bruce overestimates the amount of privacy people had in, say, small-town Ohio 100 years ago.

Bruce also mixes together several bogeymen. If we're collectively afraid of governments using overhead imagery to look for building-code violations, isn't that really just an indication that we're unhappy with our building-code laws? Is Bruce's thesis that bad laws are OK if we just blind the policemen? I'm at least as worried as the next guy about the government doing bad things to me, but I'd rather solve that by limiting the government's power to do bad things than by making the government stupider.

As for advertisers, I happily anticipate the day when an advertiser is so sure that I'll buy his new Widget 3000 that he's willing to pay the fee I impose to get his ad into my mailbox. The problem with spam is that it's for stuff I don't want.

Posted by: Peter Pearson at March 6, 2006 10:22 AM


@AG

Good points, and that's why identities can be "stolen"...

@Bruce

The government already knows the value of information security and privacy. How many times a day does it toss around the words "sorry, classified" to protect something or someone? The question is really what to do if the government is most interested in protecting the most affluent citizens (e.g. "corporations") or CYA rather than working towards a concept like the common good or "reasonableness".

Also, interesting news about the CIA being sued for protecting its own information:

http://news.bbc.co.uk/2/hi/americas/4778680.stm

And then there was the news about the administration's reclassification of random historical files, perhaps to protect itself from historians (don't forget Cheney and Rumsfeld actually were in office more than 25 years ago):

http://news.bbc.co.uk/2/hi/americas/4735570.stm

"US intelligence agencies have been removing thousands of historical documents from public access, the New York Times has reported.

The restoration of classified status to more than 55,000 pages began in 1999, the paper said.
[...]
The New York Times said the reclassification programme accelerated after President Bush took office and especially after the 9/11 attacks.

But because it runs in secrecy, it continued without being noticed until December 2005."

See, the government loves privacy...

Posted by: Davi Ottenheimer at March 6, 2006 10:31 AM


@ Peter Pearson

"I'm at least as worried as the next guy about the government doing bad things to me, but I'd rather solve that by limiting the government's power to do bad things than by making the government stupider."

Agreed. Although it might be worth noting that the threat could actually be the next guy working as an informant/proxy, so you'd need to limit the power to do bad things on behalf of the government as well.

Take for example the recent House legislation that gives up to $5,000 in tax deductions to anyone installing surveillance equipment in/around their residence, and up to $50,000 for businesses...

Posted by: Davi Ottenheimer at March 6, 2006 10:36 AM


@Erik N

Erik, (1) it seems we have slightly different ideas of what constitutes a market. A market is the sum of situations in which exchange occurs. To say that a market will solve problems that are profitable to solve is a fundamental misunderstanding. I have a problem - I need flour for the pizza I want to bake, I buy flour from the local shop. An exchange has occurred in which I profited - I got the flour for my pizza, and the shop owner Angelo has profited. What I am driving at is that in a system of private ownership there are no problems which are not 'profitable', or rather, it is up to me and the other party in the exchange to decide what is a profitable rate of exchange and define profit per se. No more no less.
Now, my private data is my private property in its entirety and what I decide to do with it should be entirely within my own competence. If I decide to engage in a free exchange with an organization and sell them part or all of my property is entirely up to me and no .gov should have anything to say about that. Also, if, on the contrary, I do not wish an organization to be in possession of my private property then it wouldn't be. Also, should I decide to outsource the management of all or part of my private property to an organization, I should be able to do so subject to a mutual contractual obligation as to the position of my private property at any given point of time. Where exactly is the problem with that?

(2) Your second issue links with my reply to the first. Yes, there is a problem in the system I outline above and the name of the problem is - .gov. The .gov comes in, in the middle of a free exchange of property and declares (legislates) that my private property shall belong to the .gov from now on, and furthermore, that the .gov shall have all the rights to my property whereas I will have none...
You ask whether I trust a .gov I haven't elected, I cannot possibly influence, and even if I am able to influence now I have no guarantee that it won't change its mind in the future? You ask whether I trust such an institution with my private property over an institution with which I am in a contractual and free exchange?

In my opinion and from my limited but personal experience, no bureaucrat should have any say over what I do with my private property.

Cheers and thanks Bruce for the great blog

Posted by: ted at March 6, 2006 10:42 AM


Some years ago I read a security book where the author said it was no use relying on laws for privacy and he'd rather rely on mathematics. I suppose I could search on the web - he's probably got a blog these days.

Posted by: Peter at March 6, 2006 10:42 AM


oh, i still walk into bookstores, browse and pay cash. i don't want my juvenile, lowbrow taste in literature to become widespread knowledge.
@damon:
i disagree that there is a stigma associated with voyeurism. maybe for some people, but i shed the stigma by getting in touch with and relating to my inner voyeur, and realizing that we're all voyeurs, we just have different tastes in what we like to watch.

Posted by: another_bruce at March 6, 2006 10:51 AM


David Brin gives the lie to his own Transparent Society ideas in his book Kiln People.

In it, people can be tracked by data correlation software (for a price) as they travel down a street, between cameras. The wealthy and the powerful are capable of tracking the poor and the powerless, while simultaneously being able to elude this same network by application of other technologies.

I find this scenario to be more plausible than the more optimistic alternative interpretations.

Posted by: Jason at March 6, 2006 11:18 AM


While surveillance might originally be used for legal, ethical purposes, eventually it will fall into the wrong hands. The more information you store, the worse it is when it falls into the wrong hands. Huge databases full of information necessary to engage in credit card fraud, tainting your credit? Been stolen. FBI agents collecting confidential information on companies as part of an investigation? Information sold to stock traders. Police databases? Used to try and silence media critics. Repeatedly abused for personal use.

Privacy laws help create barriers to make abuse harder. When abuse happens anyway, privacy laws can help reduce the damage.

Posted by: Alan De Smet at March 6, 2006 11:27 AM


Is it possible to purchase generic-use MasterCard / Visa branded cards with a prepaid value on them, kind of like gift cards? If I can purchase these with cash at a store and then use them for internet transactions, I wouldn't even mind paying a small premium.

Are there reasonably priced and reasonably performant web proxies with https to the proxy available out there?

I would love to see a comprehensive list of things we can do in this online world, to minimize and better yet eliminate tracking and profiling.

Posted by: Prohias at March 6, 2006 11:41 AM


IBM and the city of Stockholm cooperated in a total car surveillance effort. The CNet article phrases it nicely: "The system revolves around a concept that would be political suicide in many parts of the world."

Basically they had folks glue RFID tags in their windshields, then photographed everybody's license plate who didn't ping the transponder. (I suppose it would be too much to hope for that one person from New Hampshire happened to have their car shipped over, so that files would include a snapshot of a license plate that says "Live Free or Die.")

Cut down on traffic, all right.

http://news.com.com/2100-1039_3-6046130.html?part=rss&tag=6046130&subj=news

Posted by: Rick at March 6, 2006 11:46 AM


Jason, I disagree with your interpretation. Brin is saying that the loss of privacy (as in Kiln People) is inevitable, and the proposals in Transparent Society are proposals to limit the damage. As Bruce says above, there is still a power imbalance. But without the ability to watch the watchers it will be even worse.

Peter Pearson has a good point: one reason we're so worried about government's increased ability to do surveillance is that most of us violate at least one law (mostly traffic laws) every week, and the current system randomly imposes punishments, with such wide latitude given to the police that enforcement is wildly unequal ("driving while black", for example). And then there are all the small towns that use speed traps to fund their police departments.

What if it were possible to detect and punish every moving violation? Instead of blinding the cops, or keeping the current system where the cute young woman hears "I'll let you go this time" while the threatening-looking young guy gets pulled out and strip-searched for the same offense, maybe it would be better to actually enforce all violations, with greatly reduced fines for each individual violation, and appropriate guard bands and sensible exceptions put into the law (e.g. you can speed for a short time while passing another vehicle, etc).

Posted by: Joe Buck at March 6, 2006 11:48 AM


@Peter

I suspect you are talking about Stefan Brands -
www.idcorner.org

There are crypto techniques for controlling information dissemination. These should be applied, but without legislation to enforce these techniques, we are going nowhere.

Other comments were made about encrypting information. These are rather naive comments. Confidentiality of communications will not protect against information leakage. I.e., mobile phone conversations may be kept secret, but one will still know both parties in the conversation and where those parties are located. Such information can be used to determine one's social group, habits, etc.

Posted by: Gavin at March 6, 2006 12:36 PM


A good article, but is it necessary to always mention terrorists and child pornographers whenever we're talking about privacy? It starts to get irritating these days, as if everything about privacy would revolve around terrorists and child pornographers. Please.

There are only relatively few terrorists and child pornographers among millions of law-abiding citizens, so it makes absolutely no sense at all to base any decisions about privacy (especially when it affects everyone) on anything that has to do with them. It's just getting silly.

Anyways, I don't think there's anything wrong with, say, aerial photographing that's only precise enough to see structures (and how'd you make, say, maps without aerial photographing anyway?), but not more details like people. It's of course true that you could increase the resolution to see people or even more details (and technology getting better will make it possible to see even more details), but you're right that laws regulating it are the way to solve the problem as far as technology and privacy are concerned.

However, there will always be someone suggesting that the government would need to be exempt from the regulation in order to catch terrorists (or whatever happens to be the scare of the day) and I think that's a much harder problem to solve.

Posted by: Ari Heikkinen at March 6, 2006 01:11 PM


I still have to wonder how useful *all* this information is. Can it really all be processed into any sort of usable form? You would think with such a lack of privacy and so much information available that there would be no fugitives. Obviously that is not the case. I have a very common first name and a very, very common last name. There are three folks here at the university with identical first, middle, and last names as me. A Google search for my exact first name, middle initial, and last name returns 508 hits. Only one or two are actually related to me and those are both reposts of a reply I left on a tech forum years ago.

If someone were to take a special interest in me and started tracking my phone calls, web use, and daily meanderings, then yes, I guess they'd get a pretty complete picture of my life. But that is as it has always been.

I don't want to seem like the frog in the pan of boiling water, but I wonder if we're really at the point of Big Brother being able to *use* all the info he's collecting. Still, Bruce is on solid ground when he says now is the time to set up legislation to protect our privacy so when BB does have the wherewithal to instantly and accurately correlate all the data, there will be some safeguards in place.

Posted by: Mark J. at March 6, 2006 01:23 PM


Here's the link to the new law (Secure America’s Homes and Businesses Act of 2005 - HR 3632) that I mentioned above:

http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.3632:

`(b) Maximum Deduction- The deduction allowed by subsection (a) for the taxable year shall not exceed–

`(1) in the case of a qualifying electronic premise security system installed in a residential premise, $5,000, and

`(2) in the case of a qualifying electronic premise security system installed in a commercial premise, $50,000.

Posted by: Davi Ottenheimer at March 6, 2006 01:30 PM


@ Mark J.

"I still have to wonder how useful *all* this information is. Can it really all be processed into any sort of usable form? "

Think of it like gossip. A little bit of information, gleaned from a lot of data, can go a long way. It's not that all the information will be used, but some may make it into the "wrong" hands and the potential for harm from misuse (unauthorized), misunderstanding, misinterpretation, or misrepresentation is much higher. In other words, in terms of risk, the lack of privacy controls means you are more vulnerable to exposure and the prevalence/spread of data means the threat is severe. Now you just need to calculate the value/loss of the data exposed...

Posted by: Davi Ottenheimer at March 6, 2006 01:35 PM


AG said:
"What is the privacy you describe that is gone away? 100 years ago could you not hire 10,000 to stand next to a road and report who drive/rides by? What has really changed?"

What a silly example. Did anything like this ever happen? No, because it is highly impractical. You're comparing that to video surveillance (or any of the other privacy issues being discussed), and asking "what has really changed?" Really?

"The amount of 'watching' does nothing to the 'rights' involved."

I'm not sure I entirely agree with that. Do we not have stalking laws?

However, you might be trying to make the point that, when it comes to our "rights", we only have a "reasonable expectation of privacy" in our homes (and public restrooms, changing rooms, motels, etc.) if we take "reasonable steps" to maintain this privacy (shut the doors, cover the windows, and so on). In other words, we have never had any privacy outside of the home anyway, so we should not expect any now.

I hear that argument a lot (e.g. check out Bruce's other recent articles on privacy). While technically correct, this line of thinking only considers our theoretical underpinnings of privacy, ignoring the practical realities. The reality is that humans hate to be watched, and that for our entire existence, we have gone about our daily business confident that we were not being watched -- and we were mostly correct in that assumption. (And when we were incorrect, bad things followed ...)

Only in the last few decades has the technology emerged to turn this assumption on its head. And only very recently has digital technology dramatically reduced the cost, making it widespread. And only in the near future will data storage, aggregation, and mining techniques permit all of this input to be processed.

To ignore the changing technologies and apply the concepts of yesteryear is, to put it mildly, foolish.

Posted by: Michael Birk at March 6, 2006 02:39 PM


Bill being introduced in New Jersey. You can get to it by clicking on "an Anonymous Coward" below.

This bill would require an operator of any interactive computer service or an Internet service provider to establish, maintain and enforce a policy requiring an information content provider who posts messages on a public forum website either to be identified by legal name and address or to register a legal name and address with the operator or provider prior to posting messages on a public forum website.

The bill requires an operator of an interactive computer service or an Internet service provider to establish and maintain reasonable procedures to enable any person to request and obtain disclosure of the legal name and address of an information content provider who posts false or defamatory information about the person on a public forum website.

In addition, the bill makes any operator or Internet service provider liable for compensatory and punitive damages as well as costs of a law suit filed by a person damaged by the posting of such messages if the operator or Internet service provider fails to establish, maintain and enforce the policy required by section 2 of the bill.

Posted by: an Anonymous Coward at March 6, 2006 02:46 PM


I have not heard too many practical suggestions so far. Here is a summary; please correct me if my characterizations are unfair:

ted: No legislation, (or) eliminate the government, but don't look to the market. Wait, what was your point?

Damon: "Transparent" surveillance -- Okay, you can watch me, but I can watch you too.

Emery Jeffreys, Not As Anonymous, another_bruce: Deal with it. Use encryption and/or cash if you are worried.

Mike Sherwood: Database corruption -- Use bogus data in form fields.

AG: Civil courts -- information about me is private property.

Bruce Schneier, Alan De Smet, Mark J: Legislation -- but nothing specific.

This is not very encouraging. We need real ideas.

I think AG has a solid point about private ownership of personal information. However, I don't think it is adequate, because it doesn't define what happens when personal information is abused. Waiting for the courts to establish precedent is, in my opinion, dangerous.

I agree with Bruce et al that we need legislation. So I'm hoping that the debate steers towards that topic. Specifically, what kind of legislation?

It's tempting to outline all of the bad scenarios and create corresponding laws. However, this may be futile, because of human ingenuity and changing technology. There's probably an infinite number of bad scenarios awaiting us.

Elaborating on AG's idea, perhaps we can build on the existing framework of copyright law and intellectual property. I have to admit, it pains me somewhat to write that, given how frequently the system is abused. However, most of society -- myself included -- is unquestionably behind the basic concepts of IP.

This would require that we pin down the fuzzy concept of "personal information." Then we could define what constitutes (the equivalent of) "fair use" of this information. Finally, we could define penalties for "infringement" (illegal copying) of this personal data.

Thus, for example, video of me would constitute personal information which could not be copied. Fair use would permit using this video for, say, security purposes, but would not permit you to sell this information to an aggregator.

I would agree that building on a broken foundation (IP law) is dangerous. However, because of changing technology, we must address the failures with IP law anyhow. Perhaps in the process we can define "privacy" for the 21st century.

Posted by: Michael Birk at March 6, 2006 03:27 PM


On identity theft:

I have a great defense against it-- I have credit card balances and a second mortgage that I haven't paid on in three years.

Posted by: D at March 6, 2006 03:41 PM


Damon, I think your comments perhaps reflect a utopian ideal, never realizable because humans by their nature are greedy. It's the tragedy of the commons. Given the option, many people will seek to exert more control and extract more benefit from society while contributing less. I think our only hope is twofold: 1. legislation that protects individuals FROM government and corporations, and; 2. Individuals being knowledgeable about security and actively protecting their personal privacy.

Posted by: Logical Extremes at March 6, 2006 04:16 PM


The difference between today, and a small town a hundred years ago, is that a hundred years ago you could always move to another small town in another state and your reputation wouldn't follow you.

As for Brin: I'm not so sure the power is that imbalanced. If I simply ask to see the cop's ID, that's imbalance. But if I record video of my entire interaction with that cop, and post it on the internet, he's liable to behave. Nobody wants another Rodney King situation.

I alone have very little power. All private citizens together have quite a bit.

Unsurprisingly, the same people infringing on our privacy are clamping down on information disclosure by government, and arresting private citizens for taking pictures.

Posted by: Anonymous at March 6, 2006 04:58 PM


@ Michael

"The reality is that humans hate to be watched, and that for our entire existence, we have gone about our daily business confident that we were not being watched -- and we were mostly correct in that assumption. (And when we were incorrect, bad things followed ...)"

This makes me think of the theory of evolution more than anything. I suppose if you are aware that someone/thing is watching you, you are more likely to prepare to survive whatever comes next...

"This would require that we pin down the fuzzy concept of 'personal information.' Then we could define what constitutes (the equivalent of) 'fair use' of this information. Finally, we could define penalties for 'infringement' (illegal copying) of this personal data."

But what if it is impossible to put a pin on things that are fuzzy -- to define "fair" use versus "unfair"? This really takes us back to the question of who carries the burden of proof, and what are the rules of engagement, no?

Also reminds me of cultures that advocate sharing and borrowing as a principle of living well, the very opposite of our IP laws that suggest success comes from assertion/defense of exclusivity.

Posted by: Davi Ottenheimer at March 6, 2006 07:23 PM


Humankind is pretty bad at anticipating things. Usually we evolve by reacting. Here we know that this may become a problem, but since it doesn't directly affect our health or our life, we are procrastinating and focusing on things we think are more important at the time: our little comfort.

Posted by: fred at March 6, 2006 08:09 PM


"That is how we CAN win. Defending privacy is how we WILL lose. Defining information as property is how we will WIN."

Um, no. Defining information as property is how we will all lose. Defining privacy as a right is how we will win.

Posted by: Bruce Schneier at March 6, 2006 10:41 PM


"Some years ago I read a security book where the author said it was no use relying on laws for privacy and he'd rather rely on mathematics. I suppose I could search on the web - he's probably got a blog these days."

I'm pretty sure he recanted in a later book.

Posted by: Bruce Schneier at March 6, 2006 10:43 PM


"What is the privacy you describe that is gone away? 100 years ago could you not hire 10,000 to stand next to a road and report who drive/rides by?"

No, you couldn't. Well, you could in theory, but you couldn't in practice.

"What has really changed?"

That's exactly what has changed. What was once only theoretically possible has now become easy.

"In the past, personal and political liberty depended to a considerable extent upon government inefficiency. The spirit of tyranny was always willing; but its organization and material equipment were generally weak.

"Progressive science and technology have changed all that completely."

"Science, Liberty, and Peace," Aldous Huxley, 1948.

Imagine what he would think of today's technologies?

Posted by: Bruce Schneier at March 6, 2006 10:45 PM


"I agree with Bruce et al that we need legislation. So I'm hoping that the debate steers towards that topic. Specifically, what kind of legislation?"

Here's a great start:

http://www.schneier.com/blog/archives/2006/02/a_model_regime.html

Posted by: Bruce Schneier at March 6, 2006 10:46 PM


"As for Brin: I'm not so sure the power is that imbalanced. If I simply ask to see the cop's ID, that's imbalance. But if I record video of my entire interaction with that cop, and post it on the internet, he's liable to behave. Nobody wants another Rodney King situation.

"I alone have very little power. All private citizens together have quite a bit."

Agreed. The keys to making this work are aggregation and leverage.

Posted by: Bruce Schneier at March 6, 2006 10:47 PM


@Michael Birk
You didn't get me, or maybe I wasn't clear enough - the only negative in the system is the government; markets always solve all the issues that are input into them, otherwise they won't be markets. So to put it even more bluntly - take the government power to divide and conquer away and leave it to individuals to negotiate their own rights (of property).

@Bruce
There is a larger ideological issue it seems, when you say we will win by defining privacy as a right. Well, it has been defined as a right at least for the last hundred years or so - and we are nowhere near winning. How many more centuries would the project of privacy as rights need until things go better?

The deep underlying philosophical problem of privacy as a right vs privacy as property revolves around the fact that rights are bestowed to you by authority, whereas property is yours from the get go (or from a free exchange). When you delegate the capacity to bestow rights to an authority (the government), as Bruce proposes, you inherently delegate also the capacity of this or any future government to redefine or take those rights away. In effect your rights are not yours, but a lease from government. However, in a system where private property is respected and your privacy is your property, it is really only you who decides what to do with it.

So actually the choice is not between good government legislation and bad government legislation - the very institution of legislation without contractual obligation is the problem.

I can illustrate this with a very recent example: Walmart has a problem with local competitors who beat it on price. What does Walmart do? In a free market system Walmart will have to either increase the quality of its products or further decrease prices in order to attract clients. In the USA of today (which is nowhere near a free market), Walmart actually lobbies the government for the increase of minimum wage. Everyone ignorant of economics (the majority) is happy because they think Walmart has demonstrated it is a 'morally responsible corporate citizen' by respecting 'the right to a decent wage' etc etc. In fact Walmart has calculated that it can offset the wage increase (economy of size), while the local competition will have to reflect the increase in wages (and hence expenditure) in its prices and hence lose its competitive advantage over Walmart, and hence get thrown out of business. Walmart wins, many small businesses disappear. That's how you end up with big corporations, big government and zero privacy.

Cheers

Posted by: ted at March 6, 2006 11:30 PM


@Davi
I think we are indeed genetically pre-programmed to notice "staring eyes." (I am no expert, however, so I'm merely speculating.) Who hasn't, at one time or the other, had the "feeling of being watched?" When this feeling is persistent, isn't that one of the classic symptoms of paranoia? To subject the entire populace to pervasive surveillance seems like a kind of torture -- even without considering the potential abuses.

"But what if it is impossible to put a pin on things that are fuzzy -- to define 'fair' use versus 'unfair'? This really takes us back to the question of who carries the burden of proof, and what are the rules of engagement, no?"

You are correct. My "proposal" (to erect privacy law on a foundation of intellectual property law) never got down to the hard work of spelling out what is and what isn't legal, or what the damages might be. That has to be done in any case. I was just expressing my concern that, without some underlying principles that anyone can grasp (such as, this is *mine*), we won't keep up with the innovation of the "bad guys."

Posted by: Michael Birk at March 7, 2006 12:16 AM


"Defining information as property is how we will all lose. Defining privacy as a right is how we will win."

Win? I'm a little skeptical of these absolute-sounding win/lose projections (how exactly does one keep score) in philosophical reasoning.

I am tempted to split hairs about a right to property versus a right to privacy, but the deeper point is really that disparate philosophical systems often have incompatible axioms and rely on external systems for resolution. The property rights concept is tempting since it promises something from a system with more tangible and familiar boundaries...

In fact, in the hallowed American system of resolutions, California Senators Feinstein and Boxer proposed "the principle that consumers should have the right to decide when, how and to whom their personal information is shared." But even that phrase was too controversial for some in office, like Senator Shelby (R-AL), who openly said consumers should not care for protection from companies who want to expose their data to unknown affiliates:

http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/11/05/MNGOD2QBGB1.DTL

And the National Retail Federation even suggested that "The Feinstein-Boxer amendment could adversely affect retailers' ability to offer basic customer service and the access to credit that customers have come to expect".

I'm not sure what you all are expecting, but personally I would happily give up basic customer service if I could know with certainty that my privacy was being honored (this might be a good segue into the W3C P3P concept). Customer service has some value, but it's hardly in the same ball-park as privacy...

Anyway, it gets pretty sticky to say that defining privacy as a right will "win" when guys like Senator Shelby (a self-proclaimed privacy advocate himself) openly state that the right to privacy ends (is qualified?) wherever a large affiliation of loosely-connected companies might exist...

Posted by: Davi Ottenheimer at March 7, 2006 12:26 AM


"The keys to making this work are aggregation and leverage."

Ah, there's that external system of resolution I was referring to just a minute ago...when everyone fails to agree on how to arrive at the definition of a "moral right", we end up moving down the well-trodden path to "might makes right".

Speak softly but carry a lot of leverage.

Posted by: Davi Ottenheimer at March 7, 2006 12:33 AM


@Bruce
"Here's a great start: http://www.schneier.com/blog/archives/2006/02/a_model_regime.html"
Thanks Bruce, that was an interesting read. I agree that it's a start. Do you stand behind the analysis and suggestions of Solove and Hoofnagle? Is there any place where you have summarized your specific policy recommendations? Is there any similar work relating to video surveillance?

"Defining information as property is how we will all lose. Defining privacy as a right is how we will win."

Are these really incompatible viewpoints? How exactly do we lose by defining (personal) information as property?

[Sigh ... so many questions, so little time. You've probably answered them all before, several times over. Feel free to ignore.]

Posted by: Michael Birk at March 7, 2006 12:40 AM


While you are right that legislation is needed to counter the technical erosion of privacy, the opposite is happening right now.

Europe has just recently nuked existing privacy protection in the telecommunications sector. While it was prohibited to store traffic data before, it will now become mandatory.

And at least as far as privacy violations by the government are concerned, recent developments in America don't give much reason for optimism either.

Posted by: Karl-Friedrich Lenz at March 7, 2006 05:32 AM


@ted
Free market mechanisms are, in an ideal world, the best way to go. But no single approach ever satisfactorily deals with every problem.

"markets always solve all the issues that are input into them, otherwise they won't be markets"

This depends on your definition of 'solve'. Just as in the discussion on the 'power imbalance' in interactions with authority figures, not all players in a market are equal. You may very well own your private data, but your assumption of the 'free market' assumes that no one will be able to force or leverage you into giving it up. What happens if you sell some of your private data to one party, who then sells it on to other parties (possibly for greater profit)? The moment you give up control of your data, it's gone. This would then require some form of legislation/government control (or other regulatory process) to enforce that 'what is yours is yours'. How do you enforce your control over your property? While I agree with you that .gov is often an impediment to market processes, it is also (in most systems) a prerequisite to allow that market to exist/function in the first place.

"In effect your rights are not yours, but a lease from government. However, in a system where private property is respected and your privacy is your property, it is really only you who decides what to do with it."

I entirely agree with your statement here, but the problem still remains that a 'system where private property is respected' does not truly exist.

@Bruce, Davi, Michael, et al (sorry to group you guys under one heading, I do realize you're making differing points)

Like you, I feel some form of legislation is the way to go. It is a slow, painstaking process that often runs years behind current issues, but as long as we live in societies where we must depend on 'the rule of law', governments, and judicial systems to look after our interests we must find a way to work within them to protect our interests. The problem all over the world at the moment is that, post 9-11, everyone is running scared. The words 'terrorist' and 'child pornographer' are being bandied around by every two-bit politician out to make a name for themselves by stepping all over civil liberties and privacy laws. It is a MASSIVE step backwards that legislation in Europe is leaning towards the more intrusive forms of surveillance but this is a direct reflection, I feel, of the increased political tension that is gripping Europe. What it comes down to, is that policy makers are as woefully un/misinformed as the general public and they do not understand the ramifications of policy they are currently championing. People who read this blog are already interested in privacy issues, but 95% of the world population couldn't care less (even if we ignore the masses for whom clothing, food and shelter are logical priorities over privacy). The sentiment that "if you're not doing anything wrong, you've got nothing to hide" seems to be a widely held point of view. Until we can find some way of informing these people why their privacy should be important to them, we have no real hope of countering the Big Brothers out there. I'm equally disturbed by the increasing 'wide-scale voyeurism' that is represented by 'reality' TV shows and 'Big Brother' type programs. It's almost as if these forms of entertainment are paving the way for a new kind of society where we can all expect to be watched. Who knows, this may just be the natural direction in which human society is evolving.

To sum up my rambling post, legislation and public awareness are the way to go, mixed with increasing consumer awareness of how to guard against the frivolous theft of his/her private data.

Posted by: Cowering Anonymously at March 7, 2006 10:09 AM


@Cowering

I think I explained what 'solve' means already - if you create demand and I create supply for it, then I solve your problem - it doesn't get simpler than that and in fact the supply and demand curve works always and everywhere on this planet of ours.

"What happens if you sell some of your private data to one party, who then sells it on to other parties (possibly for greater profit)? The moment you give up control of your data, it's gone."

What happens if you sell your property? Of course you lose control of it because you have transferred the property rights to another person. But, you might quite easily lease part or the whole of your property for a certain period of time and then regain it (as happens everywhere on the planet 24/7). Say, I am willing to lease the information concerning my shopping habits for the next month to a company. We sign a contract in which it is precisely stipulated that this is a lease (or a rent if you wish) and the other party has no right to re-sell the relevant piece of my private property (just like I have no right to re-sell my landlord's flat).
I find it astonishing that you would prefer to deliver your private property in the hands of a government bureaucrat who has no contractual obligations to you and is in no way required to respect it, instead of securing the future of your private property through a contract.

As for legislation - everyone is repeating the utopian mantra that legislation will fix things. What you are saying in effect is that you are giving everything you have to a stranger and saying - here, I give you the power to legislate that I have right to this and no right to that, and some rights for something else. Of course a year later you wake up and you find out that the stranger has changed his mind and now the legislation says something entirely different.
Again - check out what is happening in the EU. Three years ago - 'great legislation for privacy protection', yada yada yada. Today - suddenly the government decided it will do different and sold you wholesale to the highest bidder.

Finally, it is a simply false claim that a government is needed so markets can exist (eg. so that I can sell you apples). Spontaneous markets form constantly everywhere and thank god there is still not enough government to cover them all. You are also wrong that a system where private property is respected does not truly exist - it appears in every willful exchange into which the government doesn't intervene.

I really wish all of you believers in good government and eternal legislations are right, I really do. Only that so far it hasn't happened and it's been more than a century of legislation.

Posted by: ted at March 7, 2006 11:03 AM


> "Some years ago I read a security book where the author said it was no use
> relying on laws for privacy and he'd rather rely on mathematics.

> I'm pretty sure he recanted in a later book.

Heh. Even geeks can't fight City Hall indefinitely. :)

Posted by: Pat Cahalan at March 7, 2006 12:24 PM


That New Jersey bill mentioned by Anonymous Coward would certainly stifle blogging. After all, if the person running the blog could be sued for "compensatory and punitive damages as well as costs of a law suit" because someone posted a malicious comment and you, as the blog owner, were unable to verify the identity of the poster, many people running blogs would have to think twice about the financial risk of hosting such a forum.

Seriously, Bruce, what would you do?

Posted by: Zoid at March 7, 2006 01:23 PM


"I really wish all of you believers in good government and eternal legislations are right, I really do. Only that so far it hasn't happened and it's been more than a century of legislation."

It's not so much a belief in good government, but a desire to avoid alternative systems that have been proven to be less desirable.

The best security solutions are often found by dismissing the less favorable options, rather than by struggling in vain to achieve a perfect one.

Since we, as humans, are rarely keen to adopt the same philosophical foundations (thus subverting pure logic as a system of resolution), we end up seeking rules of engagement. The idea that government by definition hurts a free market is like saying that saddles hurt unicorns. If such a wonderful thing existed, we would be fools to try and control it, since it would by definition be utopian by universal standards (not to mention less prone to utter disaster -- real world attempts at free markets seem to consistently miss the fact that the private sector is NOT always well-intentioned and/or productive).

Posted by: Davi Ottenheimer at March 7, 2006 02:01 PM


@ted:

(Sorry for mischaracterizing your original post.) One of my points is that, even if we define privacy as a property right (as you and I both have suggested), we still need legislation to specify unambiguously what this right is. The alternative is simply to "assert" these rights and hope, when a case finally wends its way, that the courts agree with you.

Posted by: Michael Birk at March 7, 2006 02:07 PM


When the computers get smarter and their databases more interconnected, Arnold won't have to work so hard to find Sara Connor.

Posted by: derf at March 7, 2006 04:07 PM


@ted:

Free markets can only remain free when buyers and sellers are free to ply their trade on an equal footing. You assume that all business practices are legitimate or that all market exchanges take place according to universal rules of engagement. In the case of trade disagreements/conflicts, or where a stronger party coerces a weaker, more vulnerable, party to act against their own best interest, non-regulated third-party arbitration or mediation will most likely not work. We're starting to slide a little off-topic here, but my point is essentially that a free market, without the larger context of certain regulatory limitations, cannot long remain free...it devolves into an arena of the survival of the strongest. This is no less dangerous than leaving your rights in the hands of admittedly fickle government bureaucrats.

@Michael Birk

"we still need legislation to specify unambiguously what this right is"

And a body to 'enforce' it. It boils down to the fact that any system of agreement between two or more parties requires a regulatory authority whom the parties are willing to defer to in cases of dispute. It is not as important whether this regulatory authority is government, the courts or some other party as long as its authority is acknowledged by all parties involved. Otherwise it is left to each party in the transaction to 'enforce' their own rights; a situation which I think most people would not be too comfortable with.

Don't get me wrong, I'm not a big fan of letting .gov dictate whether or not I have a right to certain forms (if any) of privacy, but I have even less faith in big business.

@derf

"When the computers get smarter and their databases more interconnected, Arnold won't have to work so hard to find Sara Connor."

Yes, but would the Terminator be able to afford to pay the Data Miners for access to their Databases?

Posted by: Cowering Anonymously at March 7, 2006 05:20 PM


@Michael
@Cowering

Sorry guys to lump my reply to you together but this is really off topic and I want to be quick. Ultimately our discussion boils down to the old Platonic idea of 'fear of the mob' - if we don't have reason (government) to protect us, the mob (the power of the strong) will take us. This is a trick Socrates performs on the poor old sophists (in Plato's Gorgias) in order to create ground for the concept of universal reason, and this same trick is used by Plato for the argument on the need of a 'philosopher king' (or, a modern day fascism). In any case, both Socrates' and Plato's arguments are logically untenable. In a dynamic system (such as a human life-span), humans always tend to cooperate in the long run. Such cooperation of course does not eliminate violence but neither do governments (and all of us children of the 20th century should know very well what kind of violence governments are capable of).
Now, there is one specific argument one of you raised which is usually the favourite of proponents of government control over otherwise free individuals or communities. That is the 'who will enforce respect for property or contracts?' argument. There are both entirely economical and entirely historical answers to it but I will provide one very contemporary and relevant to this great blog. The Arabic banking system known as 'hawala' (and targeted by the US gov for obvious reasons) has existed longer than any other banking system in history, that is, it is more than 1200 years old. It is (and has always been) entirely outside any government control, its rules are not written in any codex, it is largely record-free and arguably the most privacy secure money transfer system humanity has invented. Now, according to your and Bruce's theory such system is completely impossible. Yet, for more than 1200 years millions upon millions of people have entered into contracts based entirely on trust and without a court or government bureaucrat there to assert what a 'right' is or what one can or cannot do with his money...

Ok I won't waste your time with my anarchical rambling any more.

Cheers

Posted by: ted at March 8, 2006 08:31 AM


Good name in man and woman, dear my lord,
Is the immediate jewel of their souls:
Who steals my purse steals trash; 'tis something, nothing;
'Twas mine, 'tis his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him
And makes me poor indeed.

William Shakespeare, "Othello", Act 3 scene 3

This quote I believe captures what personal privacy is really about. Preventing you from having information about me gives me some level of control over the definition and development of our relationship.

About a year ago the IEEE Spectrum had an issue devoted to wearable computing. Some envisioned a scenario where you would be identified by my wearable computer as you approached me and all sorts of information would be retrieved and filtered through software to present me with "important facts" about you.

Most likely, you would see in your heads up display a flashing warning stating "Flaming Liberal A**hole" and would either immediately engage me in conversation or you would turn and retreat to the safety of Rush Limbaugh. In either case we might never find out what we shared as common interests or be challenged by logical conclusions different than our own.

As the level of surveillance gets worse it has an even more chilling effect of forcing me to either accept the consequences of my digital persona or to take actions to project a different digital persona in which case I become a slave to that image of myself. Consider, for example, being afraid to read an article in al Jazeera for fear it would adversely affect some of my relations. Then consider the consequences of the loss of a different perspective if I choose to not read that article.

Posted by: Bob at March 8, 2006 08:50 AM


The problem with the 'market' - is that it is not a free market and practically has never been in the entire history of the US. The 19th century was mostly free-market, the 20th century in the US is a period one could describe as statist, corporatist, proto-fascist, protectionist, nationalist, and intervention (market-hampering). Some would say the turning point was the Progressive Era, some would say Civil War (really: War to prevent Southern Secession) but regardless whenever one sees a so-called 'market failure' what they really see is the culmination of past government interference.

For those who think that corporations will seek profits, that is the case indeed. But one has to remember that the consumer is king. Consumers are a fickle lot who decide what goods and services they want and will exchange freely with the companies that provided for them - neglecting and bankrupting the ones that don't. If privacy is as important as people here seem to think (I agree) then the way to make PROFITS, would be to PROVIDE PRIVACY. You get it? You make the solution a profit opportunity - and guess what? It will be supplied.

Using the gov to legislate will like so many other things lead to the very opposite of what is wanted. Why do people still insist on good government when the biggest problems of today always arise from previous interventions by this venerated group?

Posted by: quincunx at March 8, 2006 01:21 PM


@ ted

Interesting comments

"Yet, for more than 1200 years millions upon millions of people have entered into contracts based entirely on trust and without a court or government bureaucrat there to assert what a 'right' is or what one can or cannot do with his money..."

Story-telling, poetry, song and other oral traditions had a similar system but clearly it has succumbed to DRM issues over the past century. I challenge anyone to say this has been a clear case of benefiting the consumers. Disney has managed to trademark a vast number of representations of folk-tales, such as their interpretation of Cinderella, that has actually arguably impeded creative growth and innovation in some specific areas:
http://en.wikipedia.org/wiki/Cinderella

I guess this takes us back to the question of, despite history, who will end up defining/controlling public privacy rights. Imagine Disney diversifying...

@ quincunx

"But one has to remember that the consumer is king. Consumers are a fickle lot who decide what goods and services they want and will exchange freely with the companies that provided for them - neglecting and bankrupting the ones that don't."

Wow. I'd like to meet one of these super consumers and the even ground you describe. They sound awesome. Back to reality...

Posted by: Davi Ottenheimer at March 8, 2006 01:49 PM


@Cowering

In your last response to Michael Birk you seem to be sound on the concept of third party arbitration and mediation. Yet you do not apply it to your response to ted. The free market can provide these agencies as well. Two parties in exchange may already be represented contractually in advance by these agencies, and these agencies may already have contracts with each other. In other words you have a decentralized government - or free government. Every free individual can be represented by such agencies, and every individual can quit and join another one. Unlike involuntary taxes expropriated by a monopolist - you voluntarily pay an 'insurance premium' for being represented by your agency.

Because you pay for this voluntarily - any attempt by your agency to break your contract or otherwise engage in immoral behaviour towards you or others will result in you withdrawing your funds from this agency. Any agency that uses force as its primary arbitration tactic will be bankrupted. Compare this with what we have now - war is waged and paid for by willing AND unwilling citizens who took no role in engaging in it. It is obvious that when one doesn't have to use his own money - one will be a much greater risk taker and warmonger.

For those who think that the above is insane - let them be aware that we are still living in an age of barbarism. True civilization, if it is to come, must ultimately rest on the free market based on private property that is homesteadable and contractually exchanged.

@Davi

"Story-telling, poetry, song and other oral traditions had a similar system but clearly it has succumbed to DRM issues over the past century. "

And DRM is enforced by who? The big corporations (the result of which I describe is precisely because of previous government intervention)? Who gives these corporations arbitrary monopolies on intellectual rights? And who backs up the MPAA and legislates to augment technological devices? The big corporations are no saints but they are powerless without the tool of government!

Offtopic: Unlike a given chair (private physical property), that I may own - and you obviously may not, Intellectual property is not really property. My creations and ideas do not impede you from having the similar creations and ideas.

"Wow. I'd like to meet one of these super consumers and the even ground you describe. They sound awesome. Back to reality..."

Although it pains me to answer this: YOU, for one, me for another and basically everyone that can make a subjective value judgment to purchase the goods and services that satisfy THEM.

I know where you are coming from - you look upon people as sheep and chickens without heads. But certainly that cannot be the case - otherwise our civilization would be in constant regression. You make the mistake of using your own subjective judgments to criticize other people for not seeing to your superior knowledge and wisdom.

I'm inclined to think you were joking, but tell me where that is not the case. How can an exchange between a business and consumer not be mutually beneficial in the ex ante sense?

Posted by: quincunx at March 8, 2006 02:11 PM


@Davi

"Wow. I'd like to meet one of these super consumers and the even ground you describe. They sound awesome."

Here you go. Ask yourself, "Who caused this to happen?"
http://finance.yahoo.com/q/bc?t=1y&s=TM&l=on&z=m&q=l&c=gm

Posted by: Nat at March 8, 2006 03:16 PM


@quincunx, @ted, et al:
Your ideas intrigue me and I wish to subscribe to your newsletter.

Seriously, you are free to debate any topic you wish, but it seems to me that you are describing a parallel reality. It is an honorable world, populated by some of history's greatest thinkers. But it is also a platonic world, only intersecting with ours in thoughts, dreams, and revolutions.

Are you advocating revolution? What would you have me do, today, tomorrow? Nothing? Call me a pragmatist, or call me a fool, but I don't see any alternative to legislation (or constitutional amendment). Like it or not, that's our system. Indeed, new privacy laws will be created; it's merely a question of whose interests they will represent.

So far, the only practical suggestion that I have heard came from Bruce, via Solove and Hoofnagle, in A Model Regime of Privacy Protection: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=681902

As Bruce said, it's a start.

Posted by: Michael Birk at March 8, 2006 04:23 PM


The only revolution that is sustaining is one that is built on sound ideas. If one carefully observes the past - they will see that our history is riddled with episodes of freedom and despotism. Indeed there is a cycle between the two. Once you have freedom - it seems that its value eventually declines. If you want to do something, follow what you said in the first sentence.

Note Bruce's term 'Regime' - as if a one-size-fits-all solution ever works. Do not forget that the biggest usurper of privacy is the very institution that he suggests should pursue HIS one-size fits all policy, UNIFORMLY across the land. Have you ever heard of a corporation that handed out unique IDs such as SSNs and Driver's Licenses? The fact that they check for them is only because they are mandated to do so.

History is riddled with 'experts' who aspire to make society better - only to have the very opposite outcome of what they thought.

There is also the question of who will interpret and enforce the law? Oh that's right, the very agency that legislates it.

In case you do not know, the US Constitution has been so abused - that frankly I don't know why we still use it. We believe it still means something - but the interpreters have drastically changed its meaning.

I can give you some examples. The Federal Reserve Act was admitted unconstitutionally. The 16th amendment (Income Tax) was struck down as unconstitutional the first time it was proposed - although later still amended, albeit in an unconstitutional manner. Remember Alcohol prohibition? At least that was an amendment - what about drug prohibition? They didn't see a need for that anymore. The right to own guns - is no longer a right, but a privilege (yes, having to fill out a form makes it not a right). Distributivism (welfare) was found unconstitutional in the 1890's.

How about the recent CAN-SPAM act? Did you think it would reduce the number of spam? Do you still believe it could work if serious money and enforcement was applied (imagine the privacy violations with that!).

Well with proper theory one can tell a priori - that such legislation could not reduce the amount of spam. The ONLY thing it could do is reduce the number of spammers. See the difference? In the attempt to do something 'good', enforcing it severely would not only violate the rights of innocent people, but also create a spam cartel. The drop in the supply of spammers (from fear or capture), would only create more incentive to come into the 'lucrative' spamming business. Now you see the parallel of why drug prohibition does nothing to reduce the amount of drugs traded. The only thing that could reduce spam is A) technological developments created in the market. B) people realizing that they do not want/need to buy from spammers (hence reducing demand for their crap) - and since people engaging in voluntary exchange is the market - the solution to both is: the market.

Here is my approach to minimize the privacy issue (note that you can't get rid of it completely as long as people are willing to engage in trade):

1) Get rid of social security
2) Private Roads
3) Privatize Driving Certification
4) Get rid of the FCC
5) Get rid of burdensome business legislation
6) Get rid of antitrust laws (really anti-competition laws)
7) Get rid of zoning laws
8) Get rid of occupational licensing (another cartelizer)
...
Just go on down the line, getting rid of as much as you can.
...
the more things you get rid of the better off everyone will be.

Just #1 and #2 will do a lot already.

"As Bruce said, it's a start."

Indeed it is a start - but the question is really if it's a good start. I do not deny that it MIGHT be beneficial, but I feel that

A) it is incompatible with a lot of other legislation, which will create moral hazard for everyone, or it will be extremely compromised and augmented that the ending legislation will be worse.

B) It may go through and be a 'dead letter' and ineffective document that no one really wished to implement.

C) It is absolutely wonderful and every business wishes to adopt it, except the only ones who manage to do so are the ones that have economies of scale, and I don't mean that in terms of production. I mean that in terms of bureaucracy. I fear that this burdensome legislation might cartelize many industries to a further extent in favor of those that have economies of scale in bureaucracy. Which in time, hapless individuals will wonder why we keep having a lot of concentration in industry, as if economic theory or empirical evidence does not exist to show why this happens.

Posted by: quincunx at March 8, 2006 05:17 PM


@quincunx:
Thanks for your thoughtful reply. By quoting the great Homer (Simpson), I joked (or rather, tried). But in fact, your ideas do intrigue me, and they are certainly worthy of discussion and debate. I agree that the Constitution has been -- is being -- corrupted by powerful forces, and, to quote a revolutionary, "I have not yet begun to fight." I was not around when battles waged over Income Tax, Prohibition, or Civil Rights. But I am here now, during the battle over Privacy.

"Here is my approach to minimize the privacy issue ...

1) Get rid of social security
2) Private Roads
3) Privatize Driving Certification
4) Get rid of the FCC
5) Get rid of burdensome business legislation
6) Get rid of antitrust laws (really anti-competition laws)
7) Get rid of zoning laws
8) Get rid of occupational licensing (another cartelizer)"

Perhaps, but how realistic is this, without incurring a bloodbath? How many people would support these changes?

"Indeed [the Solove and Hoofnagle proposal] is a start - but the question is really if it's a good start."

I agree completely -- hence the desire for more debate. It's worth going back and reviewing Bruce's old threads on the subject, but I still found myself wanting. Your concerns about this proposal are valid, but I think it is worthy of closer scrutiny.

In my opinion the paper reveals its backwards-facing view, for example, with the naive suggestion to bar businesses from using the SSN as an identification number (section III-8, page 18). To what end? Since it is already in common use, it's not a secret. Moreover, it would cost enormous sums of money to update existing systems. The SSN would merely be replaced with some other de-facto universal identifier. I can see some benefits to this idea, but not the ones described in the paper.

However, they've already been beat up over that one (the "Comments" section is particularly interesting), so let's examine another suggestion: One-Stop Exercise of Rights. Mimicking the "Do Not Call Web site ... individuals should be able to enroll in a centralized do-not-share registry" (section III-3, page 14). This is, in my opinion, an unnecessary capitulation. The Do Not Call plan was a "compromise" to appease existing telemarketers; what reasonable person chose not to enroll because they actually wanted calls from telemarketers? (To be sure, some chose not to enroll for other reasons.) The danger posed by data brokers is much greater than that of the telemarketer. If this proposal is boiled down to an on-off switch, I think it is worthless. (To be fair, they do propose a screen with some fine-grained control.)

I suppose this paper takes an even "more pragmatic" tack than I would. Moreover, its scope is fairly limited to that of data collection. It doesn't discuss penalties in detail. What about video surveillance, face recognition, "xray vision," and all the other new -- and sometimes frightening -- technologies coming down the pike?

It's a start.

Posted by: Michael Birk at March 8, 2006 06:29 PM


"Thanks for your thoughtful reply. By quoting the great Homer (Simpson), I joked (or rather, tried). But in fact, your ideas do intrigue me, and they are certainly worthy of discussion and debate. I agree that the Constitution has been -- is being -- corrupted by powerful forces, and, to quote a revolutionary, "I have not yet begun to fight." I was not around when battles waged over Income Tax, Prohibition, or Civil Rights. But I am here now, during the battle over Privacy."

I got the Simpsons reference. I say it myself all the time.

Indeed you are here and now discussing Privacy, but I would not bring up the others if they had no relevance. They demonstrate what happens when you leave market forces and plunge into political backwaters. Just the concept of having an agency protect my privacy when it itself is the biggest usurper of it, strikes me odd and to use a scientific term: ass backwards.

"Perhaps, but how realistic is this, without incurring a bloodbath? How many people would support these changes?"

Well, if one traces the origins of all these you'd see that they did cause some mayhem, and possibly bloodbaths. The reason they came into being was the intellectual climate of the time. Things were promised to people - and the arguments sounded good (btw, most of these came over from Germany in the late 19th century. Germany being the origin of PhDs), and people being rationally ignorant, and economically ignorant went along with it.
But these ideas were bad - they had consequences - and then we have today. Today is the culmination and legal aggregation of poor ideas of the past, most of them incompatible with the past past (constitution) - but because one agency legislates and the SAME one judges (they both steal your money) - this perversion of law has occurred and will continue to occur as long as the same intellectual climate clamors for fascism, mercantilism, and all-around statism of the recent past.

The way to achieve the objective is to spread the right ideas - and argue why government intervention does not and will never work (duh, unless the intervention is to get rid of past intervention completely at once or step-by-step).

"I agree completely -- hence the desire for more debate. It's worth going back and reviewing Bruce's old threads on the subject, but I still found myself wanting. Your concerns about this proposal are valid, but I think it is worthy of closer scrutiny."

I agree, which is why I said it MIGHT work. But it will definitely work if the other side of ledger gets rid of past intruding legislation.

"In my opinion the paper reveals its backwards-facing view, for example, with the naive suggestion to bar businesses from using the SSN as an identification number (section III-8, page 18). To what end? Since it is already in common use, it's not a secret. Moreover, it would cost enormous sums of money to update existing systems. The SSN would merely be replaced with some other de-facto universal identifier. I can see some benefits to this idea, but not the ones described in the paper."

The problem with SSN is that it exists at all. SSN is your key to government programs, this is precisely why it is so intrusive. The problem with it is that it is heavily cross-referenced. If that was not the case it wouldn't be a cause for great concern. Example: My banks, my credit card, my electric bill, my 'shopping' cards, my cell phone ALL have different unique identifiers. None of these businesses knows the unique IDs of the other. Without government, they would be under contractual obligation to not disclose this information (otherwise I'd go to a business that didn't - like I said they will be the profitable ones).

Government (Federal and State) comes in and says we need to have unique IDs for various reasons - mostly to steal your money and obtain government 'services'. Bam! Now every business CAN use these unique IDs and externalize the cost of enforcing their own contracts onto the taxpayers. And because it's beneficial to do so - they do it! Reduced cost at public expense is an attractive avenue.

Because government isn't very competent, innovative or productive - they will typically outsource the task of data-mining to third party corporation(s) - typically they will create a monopoly or a cartel in doing so, like for example the credit market.

"I suppose this paper takes an even "more pragmatic" tack than I would. Moreover, its scope is fairly limited to that of data collection. It doesn't discuss penalties in detail. What about video surveillance, face recognition, "xray vision," and all the other new -- and sometimes frightening -- technologies coming down the pike?"

The answer is: Private property rights. If you own something and want to put a camera - then that is your decision. Someone else will have to take that into account if they want to do business with you. The fact is most private businesses do so precisely to reduce crime either from the outside or within. Which I guess makes some people safe. Others do not like it and will shop in a place that doesn't monitor. This is what happens when no uniform solution is mandated by the nanny state.

X-Rays are bloody expensive and create health risks - so in checking someone out you are physically damaging their body. Which is a crime in itself, UNLESS you contractually, implicitly or explicitly sanction it.

If there is any detriment in scanning your face, the same thing applies.

Keep in mind that most people find these expensive, cumbersome, and YES indeed the market (if not hampered) will show itself how useful they are. Typically only the government and highly skilled criminals will have them. And that is something that should be of great concern to everyone.

"It's a start."

I wish I can share in the optimism, I used to. Then I learned history, politics, and economics. Now I know better.

---

@Bruce:

Thinking about it some more,

Why would a security expert that makes a plea for simplicity every chance he gets, propose a political solution that results in more complexity written in the garbled language of lawyers and legislators?
Why do you want to add another patch to a Leviathan monster that is the origin of all privacy violations?
Why add another piece of legislation that will be added to the growing multi-volume book set of federal laws whose INDEX is now over 1000 pages? Especially when it will conflict with the other jumbled non-sense already contained in it (just like everything else past page 1).
It's a hack and you know it. You can't make up a bad design with a quick patch.

I suggest you take your own advice and apply it to the world of acting men and women - who in my opinion do not need a nanny to create privacy rights for them - when their non-alienable rights have already been reserved by being alive, and yet they have been taken away by the nanny 'for their own good'.

If you really want to make a difference then advocate the very opposite of making laws that benefit ANY group at ANY time. Act to repeal laws already in place and have been in place for a long time that creates the very incentives and intrusiveness that you seek to abolish.

I am a big fan of your work, so I don't mean to insult you.

Posted by: quincunx at March 8, 2006 08:05 PM


"I suggest you take your own advice and apply it to the world of acting men and women - who in my opinion do not need a nanny to create privacy rights for them - when their non-alienable rights have already been reserved by being alive, and yet they have been taken away by the nanny 'for their own good'.

"If you really want to make a difference then advocate the very opposite of making laws that benefit ANY group at ANY time. Act to repeal laws already in place and have been in place for a long time that creates the very incentives and intrusiveness that you seek to abolish.

"I am a big fan of your work, so I don't mean to insult you."

Not insulted; don't worry about it.

Adding more laws does add complexity, but it adds less complexity than would result without the laws. So I am advocating more complexity, but I am also advocating the least complexity possible.

I get that there are people who want to repeal as many laws as possible, and think that this somehow makes things better. I think these people have no understanding of the system mechanics of laws, and how they really work.

There really is no way to deal with this privacy problem without laws protecting it as a right. The market can't solve this problem, because the market mechanics are what create it.

Sorry; I don't have an explanation on this in my head that isn't book length. I'm working on it.

Posted by: Bruce Schneier at March 8, 2006 09:54 PM


@ quincunx:

"Get rid of antitrust laws."

Wow. Reading the rest of your post, I don't think you are anti-capitalism. But the basic mechanic of capitalism fails when you get rid of anti-trust laws.

Anti-trust laws are a fundamental security mechanism that prevent competitors from colluding. Without it, capitalism simply fails.

That seems like a very bad idea. Capitalism is the best economic system I know of.

(This is probably way off topic for this thread....)

Posted by: Bruce Schneier at March 8, 2006 10:00 PM


"Adding more laws does add complexity, but it adds less complexity than would result without the laws. So I am advocating more complexity, but I am also advocating the least complexity possible"

I'm having trouble deconstructing this. You are saying that complexity in law may yield simplicity in practice?

Does this apply to your law? some laws? more laws? or all laws?

"I think these people have no understanding of the system mechnics of laws, and how they really work."

Uhm, they typically use compulsion and coercion to control the behavior of its citizens. I know that every civilization in history has, prior to being defeated, created tons of laws that hampered economic progress. Things like price fixing and regulation have brought down more civilizations than one realizes. China's decline in the 15th century is a testament to that.

I know that prohibition does not work, and creates underground economies.

I also know that laws are passed on the pretense that they are beneficial - yet economic realities always bite back. Give me an exclusively public law (not one that is also private - like not stealing) - and I will tell you the harm it created, and usually the typical propaganda (or plain misconceptions) that was used to popularize it.

"There really is no way to deal with this privacy problem without laws protecting it as a right."

I agree, but why one-size-fits-all, government-mandated, top-down law?

"The market can't solve this problem, because the market mechanics are what create it."

The market created social security, and has been issuing driver's licenses?
Today's banks regulate themselves, and use a commodity money? The market created a big central bank that 'legally' counterfeits money? The market steals money from you by threat of force, and then uses it to give to other people, just so that they would vote for their CEOs?

Some members of the market did that, but only using the government as its tool!

"Sorry; I don't have an explanation on this in my head that isn't book length. I'm working on it."

Will be glad to read it. Carry on.

"Wow. Reading the rest of your post, I don't think you are anti-capitalism."

Of course not. Why would I be against civilization? I adore it.

"But the basic mechanic of capitalism fails when you get rid of anti-trust laws."

That's what they told me in school too, and I believed it, but upon careful research, it turned out not to be the case. In fact there is much literature to this.

In fact, almost unanimously every economist in 1890 rejected the Sherman Anti-Trust Act. The biggest misconception is the definition of a monopoly, whose classical meaning for over 400 years has been augmented in favor of the "perfect competition model" appearing in the 1920's. This model creates a nirvana fallacy of 1) many small firms 2) perfect knowledge 3) homogeneous products 4) low transaction, and then uses mathematical formulas to see if the market conforms to this. Seems ridiculous right? Here is the classical definition: A monopoly is what a government creates, confirms, charters, or otherwise (here is the relevant part) creates laws in such a way as to have restrictive barriers to entry for competitors. Those who are ignorant of economics are typically blind to the fact that their own legislation creates that environment.

Why did this model permeate? Well I guess economists realized that earning an academic's salary is just not as good as being an anti-trust consultant. Also, telling people that the economy can be somewhat controlled got you a decent post at a prestigious university or otherwise a lucrative government job. Economists naturally did their cost-benefit analysis, and chose wisely.

"Anti-trust laws are a fundamental security mechanism that prevent competitors from colluding. Without it, capitalism simply fails."

Security mechanism? So if me and my friends decide to do with our properties as we wish - we should be jailed or otherwise threatened?

Every law is an act of collusion. A few people get together, babble a lot, make it a law - and bam! everyone